Merge branch 'main' into 'Search_Endpoint'

update branch

See merge request !11

.gitignore

@@ -34,3 +34,5 @@ build/
 ### VS Code ###
 .vscode/
 
+requests.http
+

pom.xml

@@ -29,11 +29,25 @@
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-web</artifactId>
         </dependency>
-        <!--        <dependency>-->
-        <!--            <groupId>org.springframework.boot</groupId>-->
-        <!--            <artifactId>spring-boot-starter-security</artifactId>-->
-        <!--        </dependency>-->
-
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-security</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>io.jsonwebtoken</groupId>
+            <artifactId>jjwt-api</artifactId>
+            <version>0.11.5</version>
+        </dependency>
+        <dependency>
+            <groupId>io.jsonwebtoken</groupId>
+            <artifactId>jjwt-impl</artifactId>
+            <version>0.11.5</version>
+        </dependency>
+        <dependency>
+            <groupId>io.jsonwebtoken</groupId>
+            <artifactId>jjwt-jackson</artifactId>
+            <version>0.11.5</version>
+        </dependency>
         <dependency>
             <groupId>com.h2database</groupId>
             <artifactId>h2</artifactId>

requests.http

 ### Get all plants
-GET http://localhost:8080/api/v1/plants
\ No newline at end of file
+GET http://localhost:8080/api/v1/plants
+Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJsdWthcy5rYXJzY2hAZ214LmRlIiwiaWF0IjoxNjk5ODczMDA4LCJleHAiOjE2OTk5NTk0MDh9.iU9gkWinFla3__ksuwLmKosevRXrrYlDdSQCPhNHxbM
+
+### Create account
+POST http://localhost:8080/api/v1/auth/register
+content-type: application/json
+
+{
+  "email": "lukas.karsch@gmx.de",
+  "firstname": "Lukas",
+  "lastname": "Karsch",
+  "password": "myPassword123"
+}
+
+### Authenticate
+POST http://localhost:8080/api/v1/auth/authenticate
+content-type: application/json
+
+{
+  "email": "lukas.karsch@gmx.de",
+  "password": "12345678"
+}

src/main/java/hdm/mi/growbros/auth/AuthenticationRequest.java

+package hdm.mi.growbros.auth;
+
+import lombok.AllArgsConstructor;
+import lombok.Builder;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+
+@Data
+@Builder
+@AllArgsConstructor
+@NoArgsConstructor
+public class AuthenticationRequest {
+    private String email;
+    String password;
+}

src/main/java/hdm/mi/growbros/auth/AuthenticationResponse.java

+package hdm.mi.growbros.auth;
+
+import lombok.AllArgsConstructor;
+import lombok.Builder;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+
+@Data
+@Builder
+@AllArgsConstructor
+@NoArgsConstructor
+public class AuthenticationResponse {
+    private String token;
+}

src/main/java/hdm/mi/growbros/auth/AuthenticationService.java

+package hdm.mi.growbros.auth;
+
+import hdm.mi.growbros.models.user.Role;
+import hdm.mi.growbros.models.user.User;
+import hdm.mi.growbros.models.user.UserRepository;
+import hdm.mi.growbros.security.JwtService;
+import lombok.RequiredArgsConstructor;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.stereotype.Service;
+
+@Service
+@RequiredArgsConstructor
+public class AuthenticationService {
+    private final UserRepository repository;
+    private final PasswordEncoder passwordEncoder;
+    private final JwtService jwtService;
+    private final AuthenticationManager authenticationManager;
+    /**
+     * Ermöglicht es einen User zu erstellen und diesen in der Datenbank zu registrieren
+     * und daraus den Token zu erstellen.
+     * @param request
+     * @return
+     */
+    public AuthenticationResponse register(RegisterRequest request) {
+        var user = User.builder()
+                .firstname(request.getFirstname())
+                .lastname(request.getLastname())
+                .email(request.getEmail())
+                .password(passwordEncoder.encode(request.getPassword()))
+                .role(Role.USER)
+                .build();
+        repository.save(user);
+        var jwtToken = jwtService.generateToken(user);
+        return AuthenticationResponse.builder()
+                .token(jwtToken)
+                .build();
+    }
+
+    public AuthenticationResponse authenticate(AuthenticationRequest request) {
+        authenticationManager.authenticate(
+                new UsernamePasswordAuthenticationToken(
+                        request.getEmail(),
+                        request.getPassword()
+                )
+        );
+        var user = repository.findByEmail(request.getEmail()) //wenn der Nutzername und Passwort korrekt sind wird ein Token generiert
+                .orElseThrow();
+        var jwtToken = jwtService.generateToken(user);
+        return AuthenticationResponse.builder()
+                .token(jwtToken)
+                .build();
+    }
+}

src/main/java/hdm/mi/growbros/auth/RegisterRequest.java

+package hdm.mi.growbros.auth;
+
+import lombok.AllArgsConstructor;
+import lombok.Builder;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+
+@Data
+@Builder
+@AllArgsConstructor
+@NoArgsConstructor
+public class RegisterRequest {
+    private String firstname;
+    private String lastname;
+    private String email;
+    private String password;
+}

src/main/java/hdm/mi/growbros/controllers/AuthenticationController.java

+package hdm.mi.growbros.controllers;
+
+import hdm.mi.growbros.auth.AuthenticationRequest;
+import hdm.mi.growbros.auth.AuthenticationResponse;
+import hdm.mi.growbros.auth.AuthenticationService;
+import hdm.mi.growbros.auth.RegisterRequest;
+import lombok.RequiredArgsConstructor;
+import org.springframework.http.ResponseEntity;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+@RestController
+@RequestMapping("/api/v1/auth")
+@RequiredArgsConstructor
+public class AuthenticationController {
+    private final AuthenticationService service;
+    @PostMapping("/register")
+    public ResponseEntity<AuthenticationResponse> register(
+         @RequestBody RegisterRequest request
+    ) {
+        return ResponseEntity.ok(service.register(request));
+    }
+
+    @PostMapping("/authenticate")
+    public ResponseEntity<AuthenticationResponse> authenticate(
+            @RequestBody AuthenticationRequest request
+    ) {
+        return ResponseEntity.ok(service.authenticate(request));
+    }
+}

src/main/java/hdm/mi/growbros/models/user/Role.java

+package hdm.mi.growbros.models.user;
+
+public enum Role {
+    USER,
+    ADMIN
+}

src/main/java/hdm/mi/growbros/models/user/User.java

+package hdm.mi.growbros.models.user;
+
+import jakarta.persistence.*;
+import jakarta.validation.constraints.Email;
+import jakarta.validation.constraints.Size;
+import lombok.AllArgsConstructor;
+import lombok.Builder;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.core.userdetails.UserDetails;
+
+import java.util.Collection;
+import java.util.List;
+
+@Data
+@Builder
+@NoArgsConstructor
+@AllArgsConstructor
+@Entity
+@Table(name = "_user")
+public class User implements UserDetails {
+    @Id
+    @GeneratedValue
+    private long id;
+
+    private String firstname;
+    private String lastname;
+
+    @Column(unique = true)
+    @Email
+    private String email;
+
+    @Size(min = 8)
+    private String password;
+
+    @Enumerated(EnumType.STRING)
+    private Role role;
+
+    @Override
+    public Collection<? extends GrantedAuthority> getAuthorities() {
+        return List.of(new SimpleGrantedAuthority(role.name()));
+    }
+
+    @Override
+    public String getPassword() {
+        return password;
+    }
+
+    @Override
+    public String getUsername() {
+        return email;
+    }
+
+    @Override
+    public boolean isAccountNonExpired() {
+        return true;
+    }
+
+    @Override
+    public boolean isAccountNonLocked() {
+        return true;
+    }
+
+    @Override
+    public boolean isCredentialsNonExpired() {
+        return true;
+    }
+
+    @Override
+    public boolean isEnabled() {
+        return true;
+    }
+}

src/main/java/hdm/mi/growbros/models/user/UserRepository.java

+package hdm.mi.growbros.models.user;
+
+import org.springframework.data.jpa.repository.JpaRepository;
+
+import java.util.Optional;
+
+public interface UserRepository extends JpaRepository<User, Long> {
+    Optional<User> findByEmail(String email);
+}

src/main/java/hdm/mi/growbros/security/ApplicationConfig.java

+package hdm.mi.growbros.security;
+
+import hdm.mi.growbros.models.user.UserRepository;
+import lombok.RequiredArgsConstructor;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.authentication.AuthenticationProvider;
+import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
+import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
+
+@Configuration
+@RequiredArgsConstructor
+public class ApplicationConfig {
+    private final UserRepository repository;
+    @Bean
+    public UserDetailsService userDetailsService() {
+        return username -> repository.findByEmail(username)
+                .orElseThrow(() -> new UsernameNotFoundException("User not found"));
+    }
+
+    /**
+     * Fetcht die Benutzer Daten und decodiert das Passwort.
+     * @return
+     */
+    @Bean
+    public AuthenticationProvider authenticationProvider() {
+        DaoAuthenticationProvider authProvider = new DaoAuthenticationProvider();
+        authProvider.setUserDetailsService(userDetailsService());
+        authProvider.setPasswordEncoder(passwordEncoder());
+        return authProvider;
+    }
+    @Bean
+    public AuthenticationManager authenticationManager(AuthenticationConfiguration config) throws Exception {
+        return config.getAuthenticationManager();
+    }
+    @Bean
+    public PasswordEncoder passwordEncoder() {
+        return new BCryptPasswordEncoder();
+    }
+}

src/main/java/hdm/mi/growbros/security/JwtAuthenticationFilter.java

+package hdm.mi.growbros.security;
+
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import lombok.NonNull;
+import lombok.RequiredArgsConstructor;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
+import org.springframework.stereotype.Component;
+import org.springframework.web.filter.OncePerRequestFilter;
+
+import java.io.IOException;
+
+@Component
+@RequiredArgsConstructor //nutzt jedes final Feld
+public class JwtAuthenticationFilter extends OncePerRequestFilter {
+
+    private final JwtService jwtService;
+    private final UserDetailsService userDetailsService;
+
+    @Override //überprüft bei jedem request ob ein Jwt dabei ist, wenn ja ob er gültig ist -> melde Nutzer an
+    protected void doFilterInternal(@NonNull HttpServletRequest request,@NonNull HttpServletResponse response, @NonNull FilterChain filterChain) throws ServletException, IOException {
+        final String authHeader = request.getHeader("Authorization");
+        final String jwt;
+        final String userEmail;
+        if(authHeader == null ||!authHeader.startsWith("Bearer ")) {
+            filterChain.doFilter(request, response);
+            return;
+        }
+        jwt = authHeader.substring(7); //extract jwt
+        userEmail = jwtService.extractUsername(jwt);// extract userEmail from jwt token with the help of a class that can manipulate the jwt -> jwt Service
+        if (userEmail != null && SecurityContextHolder.getContext().getAuthentication() == null) { //case user is not yet authenticated
+            UserDetails userDetails = this.userDetailsService.loadUserByUsername(userEmail); //get UserDetails from DataBase
+            if(jwtService.isTokenValid(jwt,userDetails)) { //case User is valid
+                UsernamePasswordAuthenticationToken authToken = new UsernamePasswordAuthenticationToken(
+                        userDetails,
+                        null,
+                        userDetails.getAuthorities()
+                );
+                authToken.setDetails(new WebAuthenticationDetailsSource().buildDetails(request)); //set request details on authToken
+                SecurityContextHolder.getContext().setAuthentication(authToken);//update SecurityContextHolder
+            }
+        }
+        filterChain.doFilter(request,response);
+    }
+}

src/main/java/hdm/mi/growbros/security/JwtService.java

+package hdm.mi.growbros.security;
+
+import io.jsonwebtoken.Claims;
+import io.jsonwebtoken.Jwts;
+import io.jsonwebtoken.SignatureAlgorithm;
+import io.jsonwebtoken.io.Decoders;
+import io.jsonwebtoken.security.Keys;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.stereotype.Service;
+
+import java.security.Key;
+import java.util.Date;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.function.Function;
+
+@Service
+public class JwtService {
+    private static final String SECRET_KEY = "222972303468637b5e6a2c467e5f6c4d4542632e4257797b6d6d7e28564d534a";
+    public String extractUsername(String token) {
+        return extractClaim(token,Claims::getSubject); //Subject ist der Username(für Spring) bzw. bei uns email
+    }
+
+    /**
+     * Extrahiert einen einzelnen Claim aus dem Jwt.
+     * @param token
+     * @param claimsResolver generische Funktion welche angibt welcher Claim aus dem Jwt extrahiert werden soll
+     * @return Ein einzelner Claim aud dem Jwt.
+     * @param <T>
+     */
+    public <T> T extractClaim(String token, Function<Claims, T> claimsResolver) {
+        final Claims claims = extractAllClaims(token);
+        return claimsResolver.apply(claims);
+    }
+
+    public String generateToken(UserDetails userDetails) {
+        return generateToken(new HashMap<>(), userDetails);
+    }
+
+    public String generateToken(Map<String, Object> extraClaims, UserDetails userDetails) {
+        return Jwts
+                .builder()
+                .setClaims(extraClaims)
+                .setSubject(userDetails.getUsername())
+                .setIssuedAt(new Date(System.currentTimeMillis()))
+                .setExpiration(new Date(System.currentTimeMillis() + 1000 * 60 * 60 * 24)) //token ist 24h gültig
+                .signWith(getSignInKey(), SignatureAlgorithm.HS256)
+                .compact();
+    }
+    public boolean isTokenValid(String token, UserDetails userDetails) {
+        final String username = extractUsername(token);
+        return (username.equals(userDetails.getUsername())) && !isTokenExpired(token);
+    }
+
+    private boolean isTokenExpired(String token) {
+        return extractExpiration(token).before(new Date());
+    }
+
+    private Date extractExpiration(String token) {
+        return extractClaim(token, Claims::getExpiration);
+    }
+
+    /**
+     * extrahiert die "Claims" = Ansprüche die im Token selbst enthalten sind.
+     * Ein JWT besteht aus drei Teilen: dem Header, den Claims und der Signatur.
+     * Die Claims sind der Hauptteil, der die nützlichen Informationen enthält (z.B. iss = Aussteller des Tokens...)
+     * @param token
+     * @return alle Claims des Jwt
+     */
+    private Claims extractAllClaims(String token) {
+        return Jwts
+                .parserBuilder()
+                .setSigningKey(getSignInKey())
+                .build()
+                .parseClaimsJws(token)
+                .getBody();
+
+    }
+
+    private Key getSignInKey() {
+        byte[] keyBytes = Decoders.BASE64.decode(SECRET_KEY);
+        return Keys.hmacShaKeyFor(keyBytes); //hmacShaKeyFor = Algorithmus
+    }
+}

src/main/java/hdm/mi/growbros/security/SecurityConfiguration.java

+package hdm.mi.growbros.security;
+
+import lombok.RequiredArgsConstructor;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.authentication.AuthenticationProvider;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer;
+import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+import org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher;
+import org.springframework.web.servlet.handler.HandlerMappingIntrospector;
+
+import static org.springframework.boot.autoconfigure.security.servlet.PathRequest.toH2Console;
+
+/**
+ * Configuration of the filter chain.
+ */
+@Configuration
+@EnableWebSecurity
+@RequiredArgsConstructor
+public class SecurityConfiguration {
+    private final JwtAuthenticationFilter jwtAuthFilter;
+    private final AuthenticationProvider authenticationProvider;
+
+    @Bean
+    public SecurityFilterChain securityFilterChain(HttpSecurity http, MvcRequestMatcher.Builder mvc) throws Exception {
+        http
+                .csrf(csrf -> {
+                    csrf.disable();
+                    csrf.ignoringRequestMatchers(toH2Console());
+                })
+                .authorizeHttpRequests((authorize) -> //whitelist
+                        authorize
+                                .requestMatchers(toH2Console()).permitAll()
+                                .requestMatchers(mvc.pattern("/api/v1/auth/**")).permitAll()
+                                .anyRequest().authenticated()
+                )
+                .headers(headers -> headers.frameOptions(
+                        HeadersConfigurer.FrameOptionsConfig::sameOrigin)
+                )
+                .sessionManagement((sessionManagement) ->
+                        sessionManagement
+                                .sessionCreationPolicy(SessionCreationPolicy.STATELESS) //stellt sicher dass man sich in jeder Session authentifizieren muss
+                )
+                .authenticationProvider(authenticationProvider)
+                .addFilterBefore(jwtAuthFilter, UsernamePasswordAuthenticationFilter.class);
+
+        return http.build();
+    }
+
+    @Bean
+    MvcRequestMatcher.Builder mvc(HandlerMappingIntrospector introspector) {
+        //see https://stackoverflow.com/questions/76809698/spring-security-method-cannot-decide-pattern-is-mvc-or-not-spring-boot-applicati
+        return new MvcRequestMatcher.Builder(introspector);
+    }
+}

src/main/resources/application.properties

-spring.datasource.url=jdbc:h2:mem:testdb
+spring.datasource.url=jdbc:h2:~/growbros
+spring.jpa.hibernate.ddl-auto=update
 spring.datasource.driverClassName=org.h2.Driver
 spring.datasource.username=admin
 spring.datasource.password=admin
 spring.jpa.database-platform=org.hibernate.dialect.H2Dialect
 spring.h2.console.enabled=true
+
+app.jwtSecret = ffjsdafhjkfkafSecretjkdlfhw
\ No newline at end of file